Lecture 15 Designing Trusted Operating Systems
|
|
- Dorothy Blair
- 6 years ago
- Views:
Transcription
1 Lecture 15 Designing Trusted Operating Systems Thierry Sans : Introduction to Computer and Network Security
2 Anatomy of an operating system
3 Concept of Kernel Definition Component that provides an communication layer between the hardware and the software The kernel is in charge of Managing the memory Managing processes (allocation and synchronization) Managing data resources (filesystem, I/O devices) Managing communication... and so in charge of enforcing security mechanisms
4 Two design philosophies Monolithic Kernels Like the Linux kernel Microkernels Like the Windows NT or BSD kernels (even though considered as hybrid kernels) Discussion between L. Torvalds and A. Tanenbaum
5 Monolithic kernels Philosophy All OS services run along with the main kernel thread in the same memory area Pros and Cons Easier to design Dependencies between components
6 Microkernels Philosophy Implement minimal OS services for memory and process management Other services (I/O, networking...) are implemented as servers in the user-space memory The first general-purpose microkernel was Mach (Carnegie Mellon University) Pros and Cons Easy to maintain Many system calls that can slow down the system
7 Where the security should be...
8 Open Design principle Open Design A protection mechanism must not depend on the fact that its design is secret Kerckhoffs' principle Unfortunately wrong designs, that violates this principle, exist in practice See lecture 17 on Digital Rights Management (DRM)
9 Design principles to restrict privileges Least Privilege Each user (understand each program) must have the smallest privilege set needed to operate Separation of privileges A business process must be split in different elementary tasks with minimum privileges Least Common Mechanism Reduce and control the exchange of information between shared objects and resources (potential channels for information leakage)
10 Access Control design principles Permission based Identifies what can be permitted and any unidentified access ( close world hypothesis) Complete mediation Every access attempt must be checked and cannot be circumvent Trusted path Access control mechanisms cannot be spoofed or intercepted by a malicious user program
11 The keep it simple and usable principles Economy of mechanism The design of a security mechanism must be small and easy to analyze Increasing the reliability in security mechanisms Ease of use A security mechanism must be easy to use Avoiding users and/or administrators to disable security mechanisms
12 Security features for Operating Systems Identification and Authentication of users Protection of the execution context Focus: protecting the processes Protection of general objects (access control) Focus: the reference monitor Focus: the object reuse attack Protection of administrative data and processes Focus: managing the logs
13 Protection of the execution context Protection of the memory Already seen in lecture 12 In a concurrent context, a process needs to Access to some resources Synchronize with other processes Be executed All of these must be controlled by the operating system
14 Focus: Protecting processes Enforced Sharing Must have access to resources as appropriate Interprocess communication and Synchronization Must have access to synchronization mechanisms Guaranteed Fair Service Must get a fair CPU allocation time to run (preventing starvation)
15 Protection of general objects Two kind of objects to consider Static objects File and I/O devices Dynamic objects Mainly used for synchronization and sharing between concurrent programs The Reference Monitor In charge of enforcing the access control policy (DAC and/or MAC)
16 Focus: the concept of Reference Monitor Objective Controlling access to objects Not necessarily a single piece of code but rather a collection of protection mechanisms The reference Monitor must be Tamperproof - impossible to weaken or disable Unbypassable - always invoked on every access Analyzable - small enough to be easily validated
17 Focus: The Object Reuse attack Reusable objects Free disk or memory space can contain old (and sensitive) data that have been previously disallocated Possible counter-measure Clear the portion of memory by rewriting it with garbage code A more general problem Magnetic remanence How to discard old magnetic devices?
18 Security features for administration Protect security configuration data and processes Definition of system (and/or security) administrators Configuring (even implementing) an administration model for access control Setup and protect accountability mechanisms Useful to detect a misconfiguration or an attack (remember an attack is not necessarily disruptive) Useful to recover from attack and take countermeasures
19 Focus: Managing and analyzing logs Problem Logs are difficult to manage and analyze in practice For instance, a program can cause hundreds of access creating a huge volume of data making it hard to analyze Solution Classify the logs according to their sensitivity level Analyzed the logs using specialized audit programs (or intrusion detection programs) Passive (off-line or on-line) raise an alert Pro-active (on-line) block the access (IPS)
20 Strengthening the security of an OS Trust Computing Base Operating Systems make a distinction between TCB and non-tcb components of the kernel TCB components that handles the security of the system and that must not be tampered by users (nor even administrators) Non-TCB components that will not jeopardize the security of the system if tampered by the users (or administrators)
21 Example of Trusted-OS: SELinux Security-Enhanced Linux (SELinux) Developed by the NSA to implements the multilevel military security policy proposed by the US DoD First released as a Linux patch, SELinux is now fully integrated into the Linux Kernel (version 2.6)
22 Virtualization Objective Provide a constraint execution environment by simulating a collection resources Examples The Java virtual machine Virtual Memory Space Virtual Machines
23 Virtual Machines
24 Conclusion The best way to learn more is to take a closer look at your OS Play with your OS and learn how it has been built Identify the security mechanims and understand how they contribute to secure the system Play with other OS and compare them Learn about the details and found the breach Create a proof of concept attack (exploit) and become an ethical hacker
25 Open question... Policy Administrates Administrates How can I be sure that Bob will not tamper its system to bypass access control mechanisms and have a full access to my data?
Introduction to Computer Security
Introduction to Computer Security Instructor: Mahadevan Gomathisankaran mgomathi@unt.edu 1 Introduction So you can specify a well-thought-out policy and a concrete model now what? Now it s time for a system
More informationOperating System Security
Operating System Security Operating Systems Defined Hardware: I/o...Memory.CPU Operating Systems: Windows or Android, etc Applications run on operating system Operating Systems Makes it easier to use resources.
More informationOperating System Architecture. CS3026 Operating Systems Lecture 03
Operating System Architecture CS3026 Operating Systems Lecture 03 The Role of an Operating System Service provider Provide a set of services to system users Resource allocator Exploit the hardware resources
More informationLast time. User Authentication. Security Policies and Models. Beyond passwords Biometrics
Last time User Authentication Beyond passwords Biometrics Security Policies and Models Trusted Operating Systems and Software Military and Commercial Security Policies 9-1 This time Security Policies and
More informationKernel Types Simple OS Examples System Calls. Operating Systems. Autumn CS4023
Operating Systems Autumn 2017-2018 Outline 1 2 3 Types of 2.4, SGG The OS Kernel The kernel is the central component of an OS It has complete control over everything that occurs in the system Kernel overview
More informationLast time. Security Policies and Models. Trusted Operating System Design. Bell La-Padula and Biba Security Models Information Flow Control
Last time Security Policies and Models Bell La-Padula and Biba Security Models Information Flow Control Trusted Operating System Design Design Elements Security Features 10-1 This time Trusted Operating
More informationLast Class: OS and Computer Architecture. Last Class: OS and Computer Architecture
Last Class: OS and Computer Architecture System bus Network card CPU, memory, I/O devices, network card, system bus Lecture 4, page 1 Last Class: OS and Computer Architecture OS Service Protection Interrupts
More informationChapter 2: Operating-System Structures. Operating System Concepts 8 th Edition
Chapter 2: Operating-System Structures Operating System Concepts 8 th Edition Silberschatz, Galvin and Gagne 2009 Chapter 2: Operating-System Structures Different Services of Operating System. System Calls-
More informationTutorial on Memory Management, Deadlock and Operating System Types
Operating Systems and Systems Integration Tutorial on Memory Management, Deadlock and Operating System Types 1 Background 1.1 Memory management Virtual memory: is a method of managing memory automatically
More informationOperating System Structure
Operating System Structure Heechul Yun Disclaimer: some slides are adopted from the book authors slides with permission Recap: Memory Hierarchy Fast, Expensive Slow, Inexpensive 2 Recap Architectural support
More informationOperating systems and security - Overview
Operating systems and security - Overview Protection in Operating systems Protected objects Protecting memory, files User authentication, especially passwords Trusted operating systems, security kernels,
More informationOperating systems and security - Overview
Operating systems and security - Overview Protection in Operating systems Protected objects Protecting memory, files User authentication, especially passwords Trusted operating systems, security kernels,
More informationOperating System Structure
Operating System Structure Heechul Yun Disclaimer: some slides are adopted from the book authors slides with permission Recap OS needs to understand architecture Hardware (CPU, memory, disk) trends and
More informationCS 356 Operating System Security. Fall 2013
CS 356 Operating System Security Fall 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter 5 Database
More informationCS 550 Operating Systems Spring Operating Systems Overview
1 CS 550 Operating Systems Spring 2018 Operating Systems Overview 2 What is an OS? Applications OS Hardware A software layer between the hardware and the application programs/users which provides a virtualization
More informationCHAPTER 8 FIREWALLS. Firewall Design Principles
CHAPTER 8 FIREWALLS Firewalls can be an effective means of protecting a local system or network of systems from network-based security threats while at the same time affording access to the outside world
More informationAdvanced Systems Security: Multics
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationOperating Systems. Operating System Structure. Lecture 2 Michael O Boyle
Operating Systems Operating System Structure Lecture 2 Michael O Boyle 1 Overview Architecture impact User operating interaction User vs kernel Syscall Operating System structure Layers Examples 2 Lower-level
More informationCSC Operating Systems Spring Lecture - II OS Structures. Tevfik Ko!ar. Louisiana State University. January 17 th, 2007.
CSC 4103 - Operating Systems Spring 2008 Lecture - II OS Structures Tevfik Ko!ar Louisiana State University January 17 th, 2007 1 Announcements Teaching Assistant: Asim Shrestrah Email: ashres1@lsu.edu
More informationAnnouncements. Operating System Structure. Roadmap. Operating System Structure. Multitasking Example. Tevfik Ko!ar
CSC 4103 - Operating Systems Spring 2008 Lecture - II OS Structures Tevfik Ko!ar Teaching Assistant: Asim Shrestrah Email: ashres1@lsu.edu Announcements All of you should be now in the class mailing list.
More informationInfluential OS Research Security. Michael Raitza
Influential OS Research Security Michael Raitza raitza@os.inf.tu-dresden.de 1 Security recap Various layers of security Application System Communication Aspects of security Access control / authorization
More informationAdministrative Details. CS 140 Final Review Session. Pre-Midterm. Plan For Today. Disks + I/O. Pre-Midterm, cont.
Administrative Details CS 140 Final Review Session Final exam: 12:15-3:15pm, Thursday March 18, Skilling Aud (here) Questions about course material or the exam? Post to the newsgroup with Exam Question
More informationLabels and Information Flow
Labels and Information Flow Robert Soulé March 21, 2007 Problem Motivation and History The military cares about information flow Everyone can read Unclassified Few can read Top Secret Problem Motivation
More informationHackveda Training - Ethical Hacking, Networking & Security
Hackveda Training - Ethical Hacking, Networking & Security Day1: Hacking windows 7 / 8 system and security Part1 a.) Windows Login Password Bypass manually without CD / DVD b.) Windows Login Password Bypass
More informationTo provide a grand tour of the major operating systems components To provide coverage of basic computer system organization
Introduction What Operating Systems Do Computer-System Organization Computer-System Architecture Operating-System Structure Operating-System Operations Process Management Memory Management Storage Management
More informationDTOS General System Security and Assurability Assessment Report
Part Number Version Date 26 June 1997 DTOS General System Security and Assurability Assessment Report CONTRACT NO. MDA904-93-C-4209 CDRL SEQUENCE NO. A011 Prepared for: Maryland Procurement Office Prepared
More informationIntroduction to Operating Systems. Chapter Chapter
Introduction to Operating Systems Chapter 1 1.3 Chapter 1.5 1.9 Learning Outcomes High-level understand what is an operating system and the role it plays A high-level understanding of the structure of
More informationOS structure. Process management. Major OS components. CSE 451: Operating Systems Spring Module 3 Operating System Components and Structure
CSE 451: Operating Systems Spring 2012 Module 3 Operating System Components and Structure Ed Lazowska lazowska@cs.washington.edu Allen Center 570 The OS sits between application programs and the it mediates
More informationWhat are some common categories of system calls? What are common ways of structuring an OS? What are the principles behind OS design and
What are the services provided by an OS? What are system calls? What are some common categories of system calls? What are the principles behind OS design and implementation? What are common ways of structuring
More informationOperating Systems. Lecture Course in Autumn Term 2015 University of Birmingham. Eike Ritter. September 22, 2015
Lecture Course in Autumn Term 2015 University of Birmingham September 22, 2015 Course Details Overview Course Details What is an Operating System? OS Definition and Structure Lecture notes and resources:
More informationOperating Systems: Internals and Design Principles. Chapter 2 Operating System Overview Seventh Edition By William Stallings
Operating Systems: Internals and Design Principles Chapter 2 Operating System Overview Seventh Edition By William Stallings Operating Systems: Internals and Design Principles Operating systems are those
More informationAdvanced Systems Security: Security-Enhanced Linux
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationSAZ4B/SAE5A Operating System Unit : I - V
SAZ4B/SAE5A Operating System Unit : I - V TM Unit I: Contents Views, Goals & Types of system OS Structure, Components & Services System Structures &Layered Approach Virtual Machines System Design and Implementation.
More informationModule: Operating System Security. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security
CSE543 - Introduction to Computer and Network Security Module: Operating System Security Professor Trent Jaeger 1 OS Security So, you have built an operating system that enables user-space processes to
More informationFour Components of a Computer System
Four Components of a Computer System Operating System Concepts Essentials 2nd Edition 1.1 Silberschatz, Galvin and Gagne 2013 Operating System Definition OS is a resource allocator Manages all resources
More informationAgenda Process Concept Process Scheduling Operations on Processes Interprocess Communication 3.2
Lecture 3: Processes Agenda Process Concept Process Scheduling Operations on Processes Interprocess Communication 3.2 Process in General 3.3 Process Concept Process is an active program in execution; process
More information6.033 Spring Lecture #6. Monolithic kernels vs. Microkernels Virtual Machines spring 2018 Katrina LaCurts
6.033 Spring 2018 Lecture #6 Monolithic kernels vs. Microkernels Virtual Machines 1 operating systems enforce modularity on a single machine using virtualization in order to enforce modularity + build
More informationProtection. Thierry Sans
Protection Thierry Sans Protecting Programs How to lower the risk of a program security flaw resulting from a bug? 1. Build better programs 2. Build better operating systems Build Better Programs Why are
More informationTrusted OS Design CS461/ECE422
Trusted OS Design CS461/ECE422 1 Reading Material Section 5.4 of Security in Computing 2 Design Principles Security Features Kernelized Design Virtualization Overview 3 Design Principles Simplicity Less
More informationOperating- System Structures
Operating- System Structures 2 CHAPTER Practice Exercises 2.1 What is the purpose of system calls? Answer: System calls allow user-level processes to request services of the operating system. 2.2 What
More informationQualifying exam: operating systems, 1/6/2014
Qualifying exam: operating systems, 1/6/2014 Your name please: Part 1. Fun with forks (a) What is the output generated by this program? In fact the output is not uniquely defined, i.e., it is not always
More informationOperating System Services. User Services. System Operation Services. User Operating System Interface - CLI. A View of Operating System Services
Operating System Services One set of services for users The other set of services for system operations Operating Systems Structures Notice: This set of slides is based on the notes by Professor Perrone
More informationCourse Details. Operating Systems with C/C++ Course Details. What is an Operating System?
Lecture Course in Autumn Term 2013 University of Birmingham Lecture notes and resources: http://www.cs.bham.ac.uk/ exr/teaching/lectures/opsys/13_14 closed facebook group: UoBOperatingSystems anyone registered
More informationIntroduction to Operating. Chapter Chapter
Introduction to Operating Systems Chapter 1 1.3 Chapter 1.5 1.9 Learning Outcomes High-level understand what is an operating system and the role it plays A high-level understanding of the structure of
More informationOperating System Structure
Operating System Structure Joey Echeverria joey42+os@gmail.com December 6, 2004 Carnegie Mellon University: 15-410 Fall 2004 Overview Motivations Kernel Structures Monolithic Kernels Open Systems Microkernels
More informationOperating Systems Overview. Chapter 2
Operating Systems Overview Chapter 2 Operating System A program that controls the execution of application programs An interface between the user and hardware Masks the details of the hardware Layers and
More informationInformation Security CS 526
Information Security CS 526 s Security Basics & Unix Access Control 1 Readings for This Lecture Wikipedia CPU modes System call Filesystem Permissions Other readings UNIX File and Directory Permissions
More informationAdvanced Systems Security: Principles
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationCSCI 420: Mobile Application Security. Lecture 7. Prof. Adwait Nadkarni. Derived from slides by William Enck, Patrick McDaniel and Trent Jaeger
CSCI 420: Mobile Application Security Lecture 7 Prof. Adwait Nadkarni Derived from slides by William Enck, Patrick McDaniel and Trent Jaeger 1 cryptography < security Cryptography isn't the solution to
More informationOperating System Structure
Operating System Structure Joey Echeverria joey42+os@gmail.com April 18, 2005 Carnegie Mellon University: 15-410 Spring 2005 Overview Motivations Kernel Structures Monolithic Kernels Open Systems Microkernels
More informationTopics in Systems and Program Security
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Topics in Systems and
More informationCS3600 SYSTEMS AND NETWORKS
CS3600 SYSTEMS AND NETWORKS NORTHEASTERN UNIVERSITY Lecture 1: Overview and Introduction Prof. Alan Mislove (amislove@ccs.neu.edu) What is an Operating System? 2 What is an Operating System? A program
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 13: Operating System Security Department of Computer Science and Engineering University at Buffalo 1 Review Previous topics access control authentication session
More informationIntroduction to Operating Systems. Chapter Chapter
Introduction to Operating Systems Chapter 1 1.3 Chapter 1.5 1.9 Learning Outcomes High-level understand what is an operating system and the role it plays A high-level understanding of the structure of
More informationAdvanced Systems Security: Principles
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationIntroduction to Operating Systems
Introduction to Operating Systems Chapter 1 1.3 Chapter 1.5 1.9 Learning Outcomes High-level understand what is an operating system and the role it plays A high-level understanding of the structure of
More informationSubject: Operating System (BTCOC403) Class: S.Y.B.Tech. (Computer Engineering)
A. Multiple Choice Questions (60 questions) Subject: Operating System (BTCOC403) Class: S.Y.B.Tech. (Computer Engineering) Unit-I 1. What is operating system? a) collection of programs that manages hardware
More informationA Comparison of Two Distributed Systems: Amoeba & Sprite. By: Fred Douglis, John K. Ousterhout, M. Frans Kaashock, Andrew Tanenbaum Dec.
A Comparison of Two Distributed Systems: Amoeba & Sprite By: Fred Douglis, John K. Ousterhout, M. Frans Kaashock, Andrew Tanenbaum Dec. 1991 Introduction shift from time-sharing to multiple processors
More informationOS DESIGN PATTERNS II. CS124 Operating Systems Fall , Lecture 4
OS DESIGN PATTERNS II CS124 Operating Systems Fall 2017-2018, Lecture 4 2 Last Time Began discussing general OS design patterns Simple structure (MS-DOS) Layered structure (The THE OS) Monolithic kernels
More informationOS Structure. Kevin Webb Swarthmore College January 25, Relevant xkcd:
OS Structure Kevin Webb Swarthmore College January 25, 2018 Relevant xkcd: One of the survivors, poking around in the ruins with the point of a spear, uncovers a singed photo of Richard Stallman. They
More informationOperating System. Operating System Overview. Structure of a Computer System. Structure of a Computer System. Structure of a Computer System
Overview Chapter 1.5 1.9 A program that controls execution of applications The resource manager An interface between applications and hardware The extended machine 1 2 Structure of a Computer System Structure
More informationProcesses and Threads
COS 318: Operating Systems Processes and Threads Kai Li and Andy Bavier Computer Science Department Princeton University http://www.cs.princeton.edu/courses/archive/fall13/cos318 Today s Topics u Concurrency
More informationIntroduce the major evaluation criteria. TCSEC (Orange book) ITSEC Common Criteria
Introduce the major evaluation criteria. TCSEC (Orange book) ITSEC Common Criteria Evaluation: assessing whether a product has the security properties claimed for it. Certification: assessing whether a
More informationIntroduction to Security and User Authentication
Introduction to Security and User Authentication Brad Karp UCL Computer Science CS GZ03 / M030 14 th November 2016 Topics We ll Cover User login authentication (local and remote) Cryptographic primitives,
More informationELEC 377 Operating Systems. Week 1 Class 2
Operating Systems Week 1 Class 2 Labs vs. Assignments The only work to turn in are the labs. In some of the handouts I refer to the labs as assignments. There are no assignments separate from the labs.
More informationModule 1 Introduction/OS Overview
Module 1 Introduction/OS Overview Reading: Chapter 1 and 2 (Silberchatz) Objective: Quick overview of computer system organization the processor (CPU), memory, and input/output, architecture and general
More informationAdvanced Systems Security: Virtual Machine Systems
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationOperating System Security, Continued CS 136 Computer Security Peter Reiher January 29, 2008
Operating System Security, Continued CS 136 Computer Security Peter Reiher January 29, 2008 Page 1 Outline Designing secure operating systems Assuring OS security TPM and trusted computing Page 2 Desired
More informationMotivation. Threads. Multithreaded Server Architecture. Thread of execution. Chapter 4
Motivation Threads Chapter 4 Most modern applications are multithreaded Threads run within application Multiple tasks with the application can be implemented by separate Update display Fetch data Spell
More informationRoadmap. Tevfik Koşar. CSE 421/521 - Operating Systems Fall Lecture - II OS Structures. University at Buffalo. OS Design and Implementation
CSE 421/521 - Operating Systems Fall 2013 Lecture - II OS Structures Tevfik Koşar University at Buffalo August 29 th, 2013 1 Roadmap OS Design and Implementation Different Design Approaches Major OS Components!
More informationOS Design Approaches. Roadmap. System Calls. Tevfik Koşar. Operating System Design and Implementation. CSE 421/521 - Operating Systems Fall 2013
CSE 421/521 - Operating Systems Fall 2013 Lecture - II OS Structures Roadmap OS Design and Implementation Different Design Approaches Major OS Components!! Memory management! CPU Scheduling! I/O Management
More informationCS350: Final Exam Review
University of Waterloo CS350: Final Exam Review Gwynneth Leece, Andrew Song, Rebecca Putinski Winter, 2010 Intro, Threads & Concurrency What are the three views of an operating system? Describe them. Define
More informationProcess Description and Control
Process Description and Control 1 Process:the concept Process = a program in execution Example processes: OS kernel OS shell Program executing after compilation www-browser Process management by OS : Allocate
More informationOperating Systems. Pablo Prieto Torralbo. 1. Introduction DEPARTMENT OF COMPUTER ENGINEERING
Operating Systems 1. Introduction Pablo Prieto Torralbo DEPARTMENT OF COMPUTER ENGINEERING AND ELECTRONICS This material is published under: Creative Commons BY-NC-SA 4.0 Remember CPU registers Cache CPU
More informationOS Design Approaches. Roadmap. OS Design Approaches. Tevfik Koşar. Operating System Design and Implementation
CSE 421/521 - Operating Systems Fall 2012 Lecture - II OS Structures Roadmap OS Design and Implementation Different Design Approaches Major OS Components!! Memory management! CPU Scheduling! I/O Management
More informationOPERATING SYSTEMS: Lesson 1: Introduction to Operating Systems
OPERATING SYSTEMS: Lesson 1: Introduction to Jesús Carretero Pérez David Expósito Singh José Daniel García Sánchez Francisco Javier García Blas Florin Isaila 1 Why study? a) OS, and its internals, largely
More informationN-Variant SystemsA Secretless Framework for Security through. Diversity Cox et al.
N-Variant Systems A Secretless Framework for Security through Diversity Cox et al. The problem Software homogeneity makes the process of leveraging a known exploit easy. Some solutions Address space randomization
More informationChapter 1: Introduction
Chapter 1: Introduction Silberschatz, Galvin and Gagne 2009 Chapter 1: Introduction What Operating Systems Do Computer-System Organization Computer-System Architecture Operating-System Structure Operating-System
More informationIS 2150 / TEL 2810 Information Security and Privacy
IS 2150 / TEL 2810 Information Security and Privacy James Joshi Professor, SIS Access Control OS Security Overview Lecture 2, Sept 6, 2016 1 Objectives Understand the basics of access control model Access
More informationOutline. V Computer Systems Organization II (Honors) (Introductory Operating Systems) Language-based Protection: Solution
Outline V22.0202-001 Computer Systems Organization II (Honors) (Introductory Operating Systems) Lecture 21 Language-Based Protection Security April 29, 2002 Announcements Lab 6 due back on May 6th Final
More informationAdvanced Systems Security: Ordinary Operating Systems
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationRedCastle v3.0 for Asianux Server 3 Certification Report
KECS-CR-08-21 RedCastle v3.0 for Asianux Server 3 Certification Report Certification No.: KECS-CISS-0104-2008 April 2008 IT Security Certification Center National Intelligence Service This document is
More informationCS 261 Fall Mike Lam, Professor. Virtual Memory
CS 261 Fall 2016 Mike Lam, Professor Virtual Memory Topics Operating systems Address spaces Virtual memory Address translation Memory allocation Lingering questions What happens when you call malloc()?
More informationLinux Systems Security. Security Design NETS Fall 2016
Linux Systems Security Security Design NETS1028 - Fall 2016 Designing a Security Approach Physical access Boot control Service availability and control User access Change control Data protection and backup
More informationLecture Topics. Announcements. Today: Operating System Overview (Stallings, chapter , ) Next: Processes (Stallings, chapter
Lecture Topics Today: Operating System Overview (Stallings, chapter 2.1-2.4, 2.8-2.10) Next: Processes (Stallings, chapter 3.1-3.6) 1 Announcements Consulting hours posted Self-Study Exercise #3 posted
More informationOperating-System Structures
Operating-System Structures Chapter 2 Operating System Services One set provides functions that are helpful to the user: User interface Program execution I/O operations File-system manipulation Communications
More informationChapter 1: Introduction. Operating System Concepts 8th Edition,
Chapter 1: Introduction, Administrivia Project 0 due Monday. Reading: 2.1 2.7. Next Time: Operating system structure. 1.2 Outline Process management. Storage management and characteristics. Miscellaneous
More informationLast 2 Classes: Introduction to Operating Systems & C++ tutorial. Today: OS and Computer Architecture
Last 2 Classes: Introduction to Operating Systems & C++ tutorial User apps OS Virtual machine interface hardware physical machine interface An operating system is the interface between the user and the
More informationProcesses & Threads. Process Management. Managing Concurrency in Computer Systems. The Process. What s in a Process?
Process Management Processes & Threads Managing Concurrency in Computer Systems Process management deals with several issues: what are the units of execution how are those units of execution represented
More informationCSC Operating Systems Fall Lecture - II OS Structures. Tevfik Ko!ar. Louisiana State University. August 27 th, 2009.
CSC 4103 - Operating Systems Fall 2009 Lecture - II OS Structures Tevfik Ko!ar Louisiana State University August 27 th, 2009 1 Announcements TA Changed. New TA: Praveenkumar Kondikoppa Email: pkondi1@lsu.edu
More informationAnnouncements. Computer System Organization. Roadmap. Major OS Components. Processes. Tevfik Ko!ar. CSC Operating Systems Fall 2009
CSC 4103 - Operating Systems Fall 2009 Lecture - II OS Structures Tevfik Ko!ar TA Changed. New TA: Praveenkumar Kondikoppa Email: pkondi1@lsu.edu Announcements All of you should be now in the class mailing
More informationMASSACHUSETTS INSTITUTE OF TECHNOLOGY Computer Systems Engineering: Spring Quiz I Solutions
Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY 6.033 Computer Systems Engineering: Spring 2011 Quiz I Solutions There are 10 questions and 12 pages in this
More informationCSE543 - Computer and Network Security Module: Virtualization
CSE543 - Computer and Network Security Module: Virtualization Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 1 Operating System Quandary Q: What is the primary goal of
More informationEEE 435 Principles of Operating Systems
EEE 435 Principles of Operating Systems Operating System Structure (Modern Operating Systems 1.7) Outline Operating System Structure Monolithic Systems Layered Systems Virtual Machines Exokernels Client-Server
More informationIntroduce the major evaluation criteria. TCSEC (Orange book) ITSEC Common Criteria
Introduce the major evaluation criteria. TCSEC (Orange book) ITSEC Common Criteria Evaluation: assessing whether a product has the security properties claimed for it. Certification: assessing whether a
More informationEthical Hacking and Countermeasures: Attack Phases, Second Edition. Chapter 1 Introduction to Ethical Hacking
Ethical Hacking and Countermeasures: Attack Phases, Second Edition Chapter 1 Introduction to Ethical Hacking Objectives After completing this chapter, you should be able to: Understand the importance of
More informationSecurity System and COntrol 1
Security System and COntrol 1 Security Management By: Joseph Ronald Canedo It is a Risky World Vulnerabilities Security objectives: Prevent attacks Detect attacks Recover from attacks Attacks: against
More informationRole 1: The Operating System is an Abstract Machine. Learning Outcomes. Introduction to Operating Systems. What is an Operating System?
Learning Outcomes Introduction to Operating Systems Chapter 1 1.3 Chapter 1.5 1.9 High-level understand what is an operating system and the role it plays A high-level understanding of the structure of
More informationE M S C B Milestone No. I Secure Linux Hard-Disk Encryption REQUIREMENTS SPECIFICATION
E M S C B Milestone No. I Secure Linux Hard-Disk Encryption REQUIREMENTS SPECIFICATION based on European Multilaterally Secure Computing Base (EMSCB) Abstract: The aim of this EMSCB-based security service
More informationReserves time on a paper sign-up sheet. Programmer runs his own program. Relays or vacuum tube hardware. Plug board or punch card input.
Introduction & Ch1 Two Roles of an Operating System Extended Machine or virtual machine Device drivers, Processes, File systems, Networking protocols. Resource Manager Allocates and enforces Memory, Disk
More information